Vulnerabilities > Nokia > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-21 CVE-2022-36222 Use of Hard-coded Credentials vulnerability in Nokia Fastmile Firmware 3Tg00118Abad52
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.
local
low complexity
nokia CWE-798
8.4
8.4
2022-10-12 CVE-2022-28866 Missing Authorization vulnerability in Nokia Airframe BMC web GUI R18 Firmware
Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00.
network
low complexity
nokia CWE-862
8.8
8.8
2022-09-13 CVE-2022-39817 SQL Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs.
network
low complexity
nokia CWE-89
8.8
8.8
2022-09-13 CVE-2022-39819 OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs.
network
low complexity
nokia CWE-78
8.8
8.8
2022-09-13 CVE-2022-39821 Information Exposure Through Log Files vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs.
network
low complexity
nokia CWE-532
7.5
7.5
2021-12-27 CVE-2021-45896 Unspecified vulnerability in Nokia Fastmile Firmware 3Tg00118Abad52
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
network
low complexity
nokia
8.8
8.8
2021-09-20 CVE-2021-32287 Out-of-bounds Write vulnerability in Nokia Heif
An issue was discovered in heif through v3.6.2.
local
low complexity
nokia CWE-787
7.8
7.8
2021-09-20 CVE-2021-32288 Out-of-bounds Write vulnerability in Nokia Heif
An issue was discovered in heif through v3.6.2.
local
low complexity
nokia CWE-787
7.8
7.8
2019-11-25 CVE-2019-17403 Unrestricted Upload of File with Dangerous Type vulnerability in Nokia Impact
Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.
network
low complexity
nokia CWE-434
8.8
8.8
2019-03-05 CVE-2019-3921 Out-of-bounds Write vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/.
network
low complexity
nokia CWE-787
8.8
8.8